Security Testing

SaM Solutions provides security QA as an established, continuous process. The aim of security QA is to protect the software against unforeseen actions that may damage the functionality of the system. SaM Solutions has extensive expertise in applying different testing strategies and techniques based on the risk level and requirements of each particular case. Our highly qualified experts will conduct an analysis to determine which types of tests are important in a particular case to achieve the best result.

DOMAINS

Web application security testing is our core area of expertise. However, we also work with mobile, desktop, system and embedded software. Our team has successfully completed projects within such business domains as:

Cyber Security

Supply Chain Management

E-Commerce

Intellectual Property

Mortgage

SAM SOLUTIONS’ EXPERTS ARE USING DIFFERENT SECURITY TESTING METHODOLOGIES

WHITE BOX - Software testing method in which the tester knows the internal structure, design and mechanism of the application.

GREY BOX - This is a combination of white-box testing and black-box testing based on limited knowledge of the internal details of the program.

BLACK BOX - This is a technique that tests the functionality of software without going deep into its code and structure.

TYPES OF TESTING

Available testing options span from fully automated techniques, using industry-standard security testing tools and SaM Solutions' own in-house instruments, to in-depth manual testing. By choosing our company, you can be sure that we will fit your particular needs and use best-of-breed tools with customizations that match your business needs.

SOURCE CODE REVIEW

Review of a program’s source code with the purpose of finding security faults and fixing them before the application is sold or distributed.

PENETRATION TESTING

Simulation of a software attack on a computer system that looks for security bugs, potentially gaining access to the computer’s features and data.

SQL INJECTION

A code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.

XSS

A code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.

CRLF INJECTION

Injection of a CRLF sequence into an HTTP stream to maliciously control the way a web application functions.

VULNERABILITY SCANNING

Automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened.

TESTING AGAINST SENSITIVE DATA EXPOSURE

Testing against access to information that must be protected from outside intruders.

QA OF SECURITY SYSTEMS

SaM provides QA services to leading network security appliance vendors that operate under the highest international industrial environment standards. QA of Security Systems is an established process, which includes the following activities: